This adds other detail AND eliminates several warnings:
rest/services/admin/alert_manager/settings splunk_server=local
| fields default_owner
| rename default_owner AS name
| append [ makeresults | eval name="unassigned" | eval realname ="Placeholder 'NULL' non-User" ]
| fields - _time
| append [ inputlookup alert_users | sort name | fields name ]
| append [| rest/services/authentication/users splunk_server=local
| search roles="alert_manager"
| dedup title realname
| table title realname email type roles
| table title realname
| rename title AS name ]
| stats values() AS BY name
| sort 0 name
This adds other detail AND eliminates several warnings: rest/services/admin/alert_manager/settings splunk_server=local | fields default_owner | rename default_owner AS name | append [ makeresults | eval name="unassigned" | eval realname ="Placeholder 'NULL' non-User" ] | fields - _time | append [ inputlookup alert_users | sort name | fields name ] | append [| rest/services/authentication/users splunk_server=local | search roles="alert_manager" | dedup title realname | table title realname email type roles | table title realname | rename title AS name ] | stats values() AS BY name | sort 0 name